oss-sec mailing list archives
Re: CVE Request: OSSIM multiple vulnerabilities
From: cve-assign () mitre org
Date: Fri, 22 May 2015 11:10:35 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Multiple vulnerabilities were found in OSSIM < 5.0.1
https://www.alienvault.com/forums/discussion/5127
AlienVault ID: ENG-99866 Description: Vulnerability in the asset discovery scanner makes it possible to escalate privileges so that any command inserted on the os.execute method will be launched as root. AV:L Attribution: Vincent Hautot at Sysdream
OSSIM uses *sudo* to launch a nmap scan for network discovery, allowing privilege escalation through a specifically crafted nmap script.
/etc/sudoers www-data ALL=NOPASSWD: /usr/bin/nmap
sudo nmap --script=/tmp/exec 127.0.0.1 -p 80
Use CVE-2015-4045.
AlienVault ID: ENG-99865 Description: Vulnerability in the asset discovery scanner makes it possible to execute a command remotely to run an asset discovery scan. AV:N Attribution: Vincent Hautot at Sysdream
/ossim/netscan/do_scan.php?assets[]=;ncat
/usr/share/ossim/www/netscan/do_scan.php $cmd = "/usr/bin/php /usr/share/ossim/scripts/vulnmeter/remote_nmap.php '$assets_p' system($cmd);
Use CVE-2015-4046. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVX0aYAAoJEKllVAevmvms++gH/jGnE5Huvhpv+zb6/gRfIH2s F6zwEm9u5/u0Hi2FfUDWFJVvBXbXyt6yEgU2lbJZQXy5d/un30PzGcdJuEvSZ4nI 8AXo4rl2zHabt5daNhGPrfQnjQIvs8nx7cM2lMp+dhRWIE4gbr10FJdlwaZWUspJ 5/CVJJoA8dEJ5302gPEYP9NJdAVGYeiPlh7CcVdPthnt6mh2tXkazhjZjz6V7mJh oOxtPvm50WCa5vOcVqzP8XtcGq0I2HNaQLQZaSdYT2zuan6wbXp6b9sBKwsqd3xD BMq624mQiUyiMydaO7+8ZTCCThiev0h20wcacrX83NzaLQS/jV15p+ZwnXRPMLU= =hHfc -----END PGP SIGNATURE-----
Current thread:
- CVE Request: OSSIM multiple vulnerabilities Damien Cauquil (May 13)
- Re: CVE Request: OSSIM multiple vulnerabilities cve-assign (May 22)